From 62e0a64f263b530787a663ce2dc62c7aeefdb3ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=B6rz=2C=20Friedrich?=
Date: Fri, 8 Apr 2022 13:02:36 +0000
Subject: [PATCH] DEV-414: follow-up tasks prod@hetzner-incident

---
 ansible.cfg | 2 +-
 group_vars/all/plain.yml | 15 +++++++-------
 patchday.yml | 23 ++++++++++++++++++++--
 roles/harbor/tasks/install.yml | 1 +
 roles/postgres/tasks/_create_backup.yml | 22 +++++++++++++++++++++
 roles/postgres/tasks/base-requirements.yml | 22 ---------------------
 6 files changed, 53 insertions(+), 32 deletions(-)

diff --git a/ansible.cfg b/ansible.cfg
index 7d7c142..9760a1b 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -2,7 +2,7 @@
 pipelining = True
 host_key_checking = False
 inventory_plugins = ./inventory_plugins
-callback_whitelist = profile_tasks
+callbacks_enabled = profile_tasks
 interpreter_python = auto_silent
 log_path=last_ansible_run
 forks = 30
diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml
index 60af008..4438dfe 100644
--- a/group_vars/all/plain.yml
+++ b/group_vars/all/plain.yml
@@ -137,12 +137,13 @@ docker_compose_path: "/usr/bin/docker-compose"
 service_base_path: '/etc/smardigo'
 
 
-gitea_admin_email: "nso.devops@netgo.de"
-lets_encrypt_email: "nso.devops@netgo.de"
-connect_admin_email: "nso.devops@netgo.de"
-keycloak_admin_email: "nso.devops@netgo.de"
-pgadmin4_admin_email: "nso.devops@netgo.de"
-harbor_oidc_admin_email: "nso.devops@netgo.de"
+devops_email_address: "nso.devops@netgo.de"
+gitea_admin_email: '{{ devops_email_address }}'
+lets_encrypt_email: '{{ devops_email_address }}'
+connect_admin_email: '{{ devops_email_address }}'
+keycloak_admin_email: '{{ devops_email_address }}'
+pgadmin4_admin_email: '{{ devops_email_address }}'
+harbor_oidc_admin_email: '{{ devops_email_address }}'
 
 http_port: "80"
 https_port: "443"
@@ -209,4 +210,4 @@ k8s_basic_services:
   - containerd
 
 selfsigned_ca_private_key_passphrase: '{{ selfsigned_ca_private_key_passphrase_vault }}'
- 
\ No newline at end of file
+ 
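Review bot: Renaming `callback_whitelist` to `callbacks_enabled` ties ansible.cfg to a controller that knows the new key; on an older ansible-core (anything before 2.11, if memory serves) an unknown key is ignored and `profile_tasks` silently stops being loaded rather than producing an error. A one-line comment above it would save the next reader a bisect: `# callbacks_enabled replaced callback_whitelist; needs a recent ansible-core (2.11+ if memory serves)`. The plain.yml consolidation onto `devops_email_address` is fine as written.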
diff --git a/patchday.yml b/patchday.yml
index 6f8889a..dbdae36 100644
--- a/patchday.yml
+++ b/patchday.yml
@@ -107,7 +107,7 @@
         delay: 15
         timeout: 180
         port: 5432
-        host: '{{ stage_server_ip }}'
+        host: '{{ stage_private_server_ip }}'
       register: check_postgres
 
     - name: "Smardigo Patchday: restart postgres and check listing on net internal ip address again"
@@ -123,10 +123,29 @@
         delay: 15
         timeout: 180
         port: 5432
-        host: '{{ stage_server_ip }}'
+        host: '{{ stage_private_server_ip }}'
       register: check_postgres
       failed_when: check_postgres_again.failed
 
+  rescue:
+    - name: send mail to DEVOPS-DL
+      delegate_to: '{{ stage }}-mail-01'
+      community.general.mail:
+        host: localhost
+        port: 25
+        to: '{{ devops_email_address }}'
+        subject: "patchday( {{ lookup('pipe','date +%Y-%m-%d_%H:%M') }} ) problem report for {{ inventory_hostname }}"
+        body: |
+          Dear Sir or Madam,
+
+          I have to inform you that {{ inventory_hostname }} isn'n listening on {{ stage_private_server_ip }} anymore.
+
+          Plz check what happened/ fix it little padawan ;)
+
+          kind regards,
+
+          your automation-bofh
+
   when:
     - check_postgres.failed
 
diff --git a/roles/harbor/tasks/install.yml b/roles/harbor/tasks/install.yml
index f40d9e5..e3a82a5 100644
--- a/roles/harbor/tasks/install.yml
+++ b/roles/harbor/tasks/install.yml
@@ -162,3 +162,4 @@
       systemd:
         name: harbor
         state: started
+        enabled: yes
diff --git a/roles/postgres/tasks/_create_backup.yml b/roles/postgres/tasks/_create_backup.yml
index 171c2ed..918c22f 100644
--- a/roles/postgres/tasks/_create_backup.yml
+++ b/roles/postgres/tasks/_create_backup.yml
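Review bot: The new `rescue:` only sends a mail, and a rescue that completes without error clears the block's failure, so a host whose postgres no longer listens on `stage_private_server_ip` finishes the patchday as ok instead of failed; the `block:` this rescue belongs to starts above the hunk. Re-raise at the end of the rescue, e.g. `- ansible.builtin.fail:` / `    msg: "postgres on {{ inventory_hostname }} is not listening on {{ stage_private_server_ip }}"`, so the run still reports the outage after the notification. The context line `failed_when: check_postgres_again.failed` references a variable that neither task in view registers (both use `register: check_postgres`); if it is not set elsewhere in the block, that conditional errors on an undefined variable every run and the rescue would now mail the DL on every patchday regardless of the port check. Minor: the body says `isn'n` where `isn't` is meant, and `lookup('pipe','date ...')` evaluates on the controller, so the subject carries the controller's clock rather than the target's.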
@@ -13,6 +13,28 @@
         owner: postgres
         group: postgres
 
+- name: "Block: gpg stuff"
+  become: yes
+  become_user: postgres
+  block:
+    - name: Create temp dir
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: gitcheckout
+        path: /tmp
+      register: tempdir
+
+    - name: "Checkout repo for gpg communication-keys"
+      ansible.builtin.git:
+        repo: 'https://{{ gituser | default("gitea-admin") | urlencode }}:{{ gitea_admin_password | urlencode }}@{{ stage }}-gitea-01.{{ domain }}/gitea-admin/communication-keys.git'
+        dest: '{{ tempdir.path }}'
+        version: master
+
+# there is no ansible gpg module already in place
+# linting violation needs to be whitelisted
+    - name: "Importing stage specific automation gpg-key" # noqa command-instead-of-shell
+      shell: 'gpg --import {{ tempdir.path }}/smardigo_automation_{{ stage }}.gpg.pub'
+
 # there is no ansible module already in place for (pg_basebackup|gpg)
 # so using shell module
 - name: "Creating pg_basebackup ... + doing async check if successful or not"
diff --git a/roles/postgres/tasks/base-requirements.yml b/roles/postgres/tasks/base-requirements.yml
index 8ba9e66..0919cc8 100644
--- a/roles/postgres/tasks/base-requirements.yml
+++ b/roles/postgres/tasks/base-requirements.yml
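Review bot: The `repo:` URL of the git task carries `gitea_admin_password` inline, and the same patch sets `log_path=last_ansible_run` in ansible.cfg, so the task's arguments — credential included — land in that log and in verbose output unless the task carries `no_log: true`; the block is moved here from base-requirements.yml, whose pure deletion needs no separate note. The checkout also stays on disk: `tempdir` is created under /tmp and never removed, which leaves the password in the checkout's `.git/config` on the postgres host after the import, so add a cleanup after the import, e.g. `- ansible.builtin.file:` / `    path: '{{ tempdir.path }}'` / `    state: absent`, ideally in an `always:` section of the block so it runs even when the import fails. `version: master` tracks a moving branch for key material; pinning to a tag or commit would make the imported key reproducible across stages. The `shell: gpg --import` task reports changed on every run; `changed_when: false` (or checking the fingerprint first) would keep the play idempotent.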
@@ -134,25 +134,3 @@
 - name: "Delete prometheus_postgres_exporter init script"
   file: path="/tmp/prometheus_postgres_exporter.sql" state=absent
   when: "role_check.stdout == '0' and server_type == 'master'"
-
-- name: "Block: gpg stuff"
-  become: yes
-  become_user: postgres
-  block:
-    - name: Create temp dir
-      ansible.builtin.tempfile:
-        state: directory
-        suffix: gitcheckout
-        path: /tmp
-      register: tempdir
-
-    - name: "Checkout repo for gpg communication-keys"
-      ansible.builtin.git:
-        repo: 'https://{{ gituser | default("gitea-admin") | urlencode }}:{{ gitea_admin_password | urlencode }}@{{ stage }}-gitea-01.smardigo.digital/gitea-admin/communication-keys.git'
-        dest: '{{ tempdir.path }}'
-        version: master
-
-# there is no ansible gpg module already in place
-# linting violation needs to be whitelisted
-    - name: "Importing stage specific automation gpg-key" # noqa command-instead-of-shell
-      shell: 'gpg --import {{ tempdir.path }}/smardigo_automation_{{ stage }}.gpg.pub'